Say we have a nice cozy shell command that solves our problem. Kapow! lets us easily turn that into an HTTP API.
We want to expose log entries for files not found on our Apache Web Server, as an HTTP API. With Kapow! we just need to write this file:
[apache-host]$ cat search-apache-errors.pow
kapow route add /apache-errors - <<-'EOF'
cat /var/log/apache2/access.log | grep 'File does not exist' | kapow set /response/body
EOF
and then, run it using Kapow!
[apache-host]$ kapow server --bind 0.0.0.0:8080 search-apache-errors.pow
finally, we can read from the just-defined endpoint:
[another-host]$ curl https://apache-host:8080/apache-errors
[Fri Feb 01 22:07:57.154391 2019] [core:info] [pid 7:tid 140284200093440] [client 172.17.0.1:50756] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
[Fri Feb 01 22:07:57.808291 2019] [core:info] [pid 8:tid 140284216878848] [client 172.17.0.1:50758] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
[Fri Feb 01 22:07:57.878149 2019] [core:info] [pid 8:tid 140284208486144] [client 172.17.0.1:50758] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
...
- We can share information without having to grant SSH access to anybody.
- We can share information easily over HTTP.
- We can effectively limit what gets executed.
You can find the complete documentation and examples here.
Kapow! is being developed by BBVA-Labs Security team members.
Kapow! is Open Source Software and available under the Apache 2 license.
Contributions are of course welcome. See CONTRIBUTING or skim existing tickets to see where you could help out.